Every day I experience life in the world of healthcare IT, supporting 3000 doctors, 18000 faculty, and 3 million patients. In this blog I record my experiences with infrastructure, applications, policies, management, and governance as well as muse on topics such as reducing our carbon footprint, standardizing data in healthcare, and living life to its fullest.

Wednesday, May 4, 2011

Breach Fatigue

Every day the headlines are filled with so many security issues that it almost seems like background noise. Just as too much decision support can result in alert fatigue and too many false alarms can result in alarm fatigue, the barrage of security breach news can lead to breach fatigue, causing you to let down your guard. Forewarned is forearmed, so push aside your breach fatigue and plan for the day when you will have to run your own breach notification. Here's a task list to guide you:

Remediation
Cross-Organizational Review of processes and procedures which led to the breach
Remediation of root causes
Security policy updates as needed
Laptop encryption as needed
Additional training as needed

Follow the advice of your privacy officer and your legal counsel completely. Be transparent. Over-communicate. Use the event as a teachable moment for your organization and your community. Be humble and apologize. Protect the patients and the providers.

As we continue the journey toward automation of electronic records to enhance safety and quality, we must retain the trust of our patients. Following the plan above will go far to address those events that occur as we all learn how to be better protectors of the data we host.